Riviera Beach, Florida has paid $600,000 to hackers that took over city computer systems. The Riviera Beach City Council made the decision yesterday. Paying the ransom comes alongside a separate decision to spend $1 million updating municipal technology to avoid future attacks. The ransom payment will be covered by insurance and will be made in Bitcoin.
The attack was the result of a city worker clicking on a phishing link in an email. The malware took over administrative functions and also prohibited 911 dispatchers from recording calls. Even though the city is paying the ransom there is no guarantee that city records will be fully restored.
Riviera Beach is faced with the same dilemma many major US cities have been faced with over the years as the number of ransomware attacks have increased. Paying the ransom seems expedient, but there are no guarantees. Not all cities have opted to pay, some have found ways around cyber adversaries. These attacks often take weeks to clean up and usually end up costing much more than the initial ransom demand.
Other high profile attacks have included Albany, Atlanta, Baltimore, Cleveland and elsewhere.
According to security reports from both Verizon and Symantec, humans continue to be the weakest link in cyber defense. Malicious links and attachments are some of the most common forms of compromising systems. These attacks often get around more sophisticated systems when individuals assume they are trustworthy. In addition to maintaining up to date technology, governments have to invest in training that helps workers identify potentially suspicious messages.